CVE-2008-3530 Information

Description

sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1 NetBSD 3.0 through 4.0 and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.

Reference

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/31745 http://secunia.com/advisories/32401 http://secunia.com/advisories/35074 http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc http://support.apple.com/kb/HT3467 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/31004 http://www.securitytracker.com/id?1020820 http://www.securitytracker.com/id?1021111 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/0633 http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/44908